On Tue, Oct 31, 2017 at 11:33:13AM +0100, David Given wrote:
> * Package name: wordgrinder
>   Version: 0.7-1

> WordGrinder's not a new package --- it's been in Debian since wheezy.
> Unfortunately my existing sponsor has retired and is unable to upload
> the new version, so for this version I'm looking for a new
> sponsor. The package should be in pretty good shape as the old sponsor
> was pretty conscientious; it's lintian clean, has hardening enabled,
> and uses dquilt for patching.
>
> Disclaimer: when I'm wearing my other hat, I am the upstream author.
>
> Changes since the last upload:
>
> - New upstream release

I'm afraid the new version ships a bunch of big external projects such as
lua-5.1, minizip, uthash (aka "convenience copies"). It'd be better to
remove them from the tarball to ensure only the system version is used --
this greatly helps the Security Team. This is not strictly needed, but
there should be a good reason to do otherwise.

You also don't even mention them (other than uthash) in the copyright file,
despite them not having been written by you.

There's also a bunch of smaller files from external sources (lfs, wcwidth,
lua-bitop) -- you also falsely claim that you own copyright for them.

(Yeah, copyright issues are an unfun thing, but these days lawyers rule the
world.)

Meow!
--
⢀⣴⠾⠻⢶⣦⠀ Laws we want back: Poland, Dz.U. 1921 nr.30 poz.177 (also Dz.U.
⣾⠁⢰⠒⠀⣿⡁ 1920 nr.11 poz.61): Art.2: An official, guilty of accepting a gift
⢿⡄⠘⠷⠚⠋⠀ or another material benefit, or a promise thereof, [in matters
⠈⠳⣄⠀⠀⠀⠀ relevant to duties], shall be punished by death by shooting.